Linux, Samba, XFS, ACL and Windows Authentication HowTo


In this document I outline how I set up a test Linux box with a NetBIOS name of \\MYNAME to
act as a fileserver on the MYDOMAIN Windows domain. The PDC is running NT4 and holds
all account information. The Linux box uses the domain account information from the PDC
and has no local Windows user accounts on it. This makes adding this NAS-type setup about
as simple as a prebuilt black-box Windows solution (Read: "Get Rich Quick!").

The Linux box has XFS and Samba configured to present ACLs to the Windows clients.

I assume you know how to build your own kernel and patch it up for XFS, configure and
install it.

You can use Ext3, JFS or Reiserfs as well for snapshots. Read below for more
details.

Linux box info:


Windows box info:


As a somewhat useful extension, you can do Micro Backups throughout the day, which is
reason enough to implement this.


Build a kernel with ACL support:
...
make menuconfig
...
File systems  --->
	<M> XFS filesystem support
	    [*]   ACL support

Remove the existing Samba, build a new one with ACL support and configure it:
rpm -e samba redhat-config-samba samba-client samba-common
rpm -Uvh acl-2.2.7-0.i386.rpm libacl-2.2.7-0.i386.rpm libacl-devel-2.2.7-0.i386.rpm
cd /root/Build/
gtar -xvjf ~/samba-3.0.0.tar.bz2
cd /root/Build/samba-3.0.0/source/
./configure --with-acl-support --prefix=/opt/samba/3.0.0
make
make install
cp /root/Build/samba-3.0.0/source/nsswitch/libnss_winbind.so /lib
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
ldconfig 
cd /opt/samba/
ln -s 3.0.0 P
vi /opt/samba/P/lib/smb.conf
	[global]
	   workgroup = MYDOMAIN
	   netbios name = MYNAME
	   encrypt passwords = yes
	   security = domain
	   hosts allow = 192.168.1 127.
	   map acl inherit = yes
	   log file = /opt/samba/P/var/log.%m
	   max log size = 50
	   nt acl support = yes
	   server string = Samba Server
	   winbind uid = 10000-20000
	   winbind gid = 10000-20000
	   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	   dns proxy = no 
	[MyShare]
	   comment = A Shared Drive
	   browseable = yes
	   writable = yes
	   guest ok = no
	   path = /var/net/MyShare

Configure Linux system to also authenticate via winbind:
vi /etc/nsswitch.conf 
	# passwd:     files
	passwd:     files winbind
	# group:      files
	group:      files winbind

Start smbd and nmbd:
/opt/samba/P/sbin/smbd -D
/opt/samba/P/sbin/nmbd -D

Join the domain, either the old smbpasswd way:
smbpasswd -j MYDOMAIN -r domain.controller.com -U administrator

or with net (the second form is the pedantic one that names the DC explicitly):
/opt/samba/P/bin/net join -U Administrator
  or
/opt/samba/P/bin/net join -U Administrator --server=MYPDC --workgroup=MYDOMAIN --ipaddress=192.168.1.1

Then start winbindd, which uses the machine account the join created:
/opt/samba/P/sbin/winbindd

Punch a hole in the firewall for the local subnet:
vi /etc/sysconfig/iptables
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 445 --syn -j ACCEPT
service iptables restart

Create the shared folder. chmod 770 keeps "other" out of the tree; the ACL entry then
lets members of one domain group in. MYDOMAIN\\MYGROUP is the winbind name of that group
(winbind's default separator is a backslash, doubled here for the shell); replace MYGROUP
with an existing domain group that should have access:
mkdir -p /var/net/MyShare
chmod 770 /var/net
chmod 770 /var/net/MyShare
setfacl -m g:MYDOMAIN\\MYGROUP:rwx /var/net
setfacl -m g:MYDOMAIN\\MYGROUP:rwx /var/net/MyShare

Optional diagnostics:
/opt/samba/P/bin/wbinfo -u
/opt/samba/P/bin/wbinfo -g
getent passwd
getent group
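A check for the smb.conf above, added here as an example (it is not part of the original HowTo): it parses the file and reports the settings this setup depends on for access control, namely domain authentication, encrypted passwords, a hosts allow list, no guest access on any share, and read-only snapshot shares. Assumptions: Samba's own defaults (security = user, encrypt passwords = yes, guest ok = no, read only = yes) stand in for keys that are absent, and snapshot shares are recognised by a name ending in BKUP as on this page.

```shell
#!/bin/sh
# audit_smbconf FILE: added example, not part of the original HowTo.
# Parses smb.conf and prints one "finding:" line per setting that weakens
# the access control this setup relies on; exits 1 if there were any.
# Assumed: Samba defaults fill in missing keys (security = user,
# encrypt passwords = yes, guest ok = no, read only = yes) and snapshot
# shares are named *BKUP as on this page. Flat files only: run testparm -s
# first if the config uses include = or % macros.
audit_smbconf() {
    awk '
        function truthy(v) { return v == "yes" || v == "true" || v == "1" }
        function val(k, def) { return (k in cur) ? cur[k] : def }
        function finding(msg) { print "finding: " msg; bad = 1 }
        function report(   k) {
            if (sec == "global") {
                if (val("security", "user") != "domain")
                    finding("[global] security = " val("security", "user") " (expected domain: the PDC holds the accounts)")
                if (!truthy(val("encrypt passwords", "yes")))
                    finding("[global] encrypt passwords is off")
                if (val("hosts allow", "") == "")
                    finding("[global] hosts allow not set: shares reachable from any host")
            } else if (sec != "") {
                if (truthy(val("guest ok", "no")) || truthy(val("public", "no")))
                    finding("[" sec "] guest ok = yes: no domain logon needed")
                if (sec ~ /BKUP$/ && (truthy(val("writable", "no")) || truthy(val("writeable", "no")) || !truthy(val("read only", "yes"))))
                    finding("[" sec "] snapshot share is writable")
            }
            for (k in cur) delete cur[k]
        }
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*\[.*\]/ {                               # [section] header
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        /=/ {                                           # key = value
            k = $0; sub(/=.*$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            cur[tolower(k)] = tolower(v)
        }
        END { report(); exit bad ? 1 : 0 }
    ' "$1"
}
```

Run it as audit_smbconf /opt/samba/P/lib/smb.conf after every edit of the config; a clean file prints nothing and exits 0. The config on this page passes; a share with guest ok = yes, or a BKUP share that has become writable, is reported by name.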


Micro Backups

Users create files, work on them throughout the day and then accidentally delete or corrupt them
before they get committed to tape at the end of the day. The idea here is to take snapshots of a
work drive every 30 minutes and present those snapshots on another share with read only access.

Random thoughts
This method of snapshot isn't the most efficient method of micro-backup, as the altered block gets copied to multiple snapshots (each snapshot keeps its own copy-on-write store). Some sort of circular buffer in the LVM with a timestamp would mean that we could view the disk at a nominated point in time, up to the size of the buffer. I'm not too sure what XFS would think of this, as I quiesce the disks before snapshotting at the moment. Anyway, all this is potential tomorrow-ware.
Of course, this method of snapshot and mount works fine for Linux/Unix filesystems as well, but they tend not to corrupt their files as often. :)
Note: A snapshot as used by LVM under Linux is a frozen, instantaneous point-in-time capture of a filesystem. As a block is altered on the "real" filesystem, before that block is written over, it is copied off to the LVM snapshot layer (Copy On Write or COW). If you've used UML (UserMode Linux) you'll know what I mean. This COW has a cost though.

This example details doing a snapshot every 30 minutes between 07:00 - 18:30 of
\\MYNAME\MyShare\ and storing the snapshots in \\MYNAME\MyShareBKUP\0700\ through
\\MYNAME\MyShareBKUP\1830\ which are read-only. The backups auto-rotate, anything older
than this should be on tape.

A script to do snapshots every half hour:
#! /bin/sh

# Snapshots source: /dev/Disks/$SHARE/
# To destination: /var/net/${SHARE}BKUP/HHMM/ where HH=Hour, MM=Minutes
# 
# Crontab: 0,30 7-18 * * * /root/Bin/live_backup.sh
# Author: c.mills@auckland.ac.nz Clark Mills Fri Oct 17 09:17:38 NZDT 2003
 
export PATH=/sbin:/bin:/usr/local/bin
 
SHARE=MyShare
MINUTE=`date +%M`
HOUR=`date +%H`
 
# Round to the nearest half hour so a cron job that starts a little late
# still lands in the 00 or 30 slot.
if [ "$MINUTE" -gt 15 -a "$MINUTE" -lt 45 ]; then
        MINUTE='30'
else
        MINUTE='00'
fi

SNAP=${SHARE}_bk${HOUR}${MINUTE}
MNT=/var/net/${SHARE}BKUP/${HOUR}${MINUTE}
 
# Drop yesterday's snapshot for this slot (nothing to do on the first run).
umount $MNT 2>/dev/null
lvremove -f /dev/Disks/$SNAP 2>/dev/null

# Quiesce the filesystem, snapshot the block device, then thaw. 500M is the
# copy-on-write area: if more than that changes on the origin before this
# snapshot is removed, the snapshot becomes invalid.
xfs_freeze -f /var/net/${SHARE}
lvcreate -L500M --snapshot --name $SNAP /dev/Disks/${SHARE}
xfs_freeze -u /var/net/${SHARE}

# nouuid: the snapshot carries the same XFS UUID as the origin, which XFS
# otherwise refuses to mount twice.
mkdir -p $MNT
mount -o ro,nouuid /dev/Disks/$SNAP $MNT
 
# EOF

Create a share in Samba for the snapshot:
vi /opt/samba/P/lib/smb.conf
	[MyShareBKUP]
	   comment = Timed Backup of MyShare Drive
	   browseable = yes
	   writable = no
	   guest ok = no
	   path = /var/net/MyShareBKUP

How the \\MYNAME\MyShare and \\MYNAME\MyShareBKUP tree looks in Windows Explorer:

Under each timed folder, eg. \\MYNAME\MyShareBKUP\0700, you see the same tree as the
main read/write share \\MYNAME\MyShare. The difference is that the content is captured
as read-only for 24 hours or until the server is shutdown (Linux doesn't crash :)


Odd Notes

From:	 Nic Bellamy
Subject: RE: [nzlug] Samba Linux w ACL & 30 minute backups
Date:	 20 Oct 2003 16:30:23 +1300
[DELETED]
...perhaps mention the nifty snapshot method can also be used with filesystems other than XFS (such as ext3/reiserfs), but you need to add the VFS-Lock patch to your kernel (it's found within the LVM source tarball).[1]

[1] Yes, you can do it without the patch too - if you feel like unmounting the filesystem while you do it. [DELETED]

On Wed, 2003-10-22 at 12:03, Ravi wrote:
>     setfacl -m g:MYDOMAIN\\MYDOMAIN:rwx /var/net
>     setfacl -m g:MYDOMAIN\\MYDOMAIN:rwx /var/net/MyShare
>
> I got confused with above two lines Could you please explain to me what to
> do with "g:MYDOMAIN\\MYDOMAIN:rwx"?
> Do I need to create a Group called MYDOMAIN, for instance RAVIGROUP?

Hi Ravi.

    setfacl -m g:MYDOMAIN\\MYGROUP:rwx /var/net

might be a clearer way to put it. Replace MYGROUP with any existing domain
group you feel should have access to the folder. Replace MYDOMAIN with
your DOMAIN.

If you don't do this, the users won't have permission to get into the share.

From:	 Bruno Veluet <bveluet(a)leonix.fr>
Organization: Leonix Technologies
Subject: SNAPSHOTS SAMBA ...
Date:	 28 Mar 2005 15:24:39 +0200 (CEST)
[DELETED]
When I found your Howto about "Linux, Samba, XFS, ACL and Windows Authentication", I was extremely interested in LVM snapshots. So I tested it, but some of the bugs you listed were very annoying.

I've worked on your script a little more in order to find some workarounds.

I send to you the updated script. HERE

The workaround for "Can we umount/remount if a Samba user is in the share? "busy"? " is:

(Only in the case of a fileserver which is sharing the directories in dev/sysfs/home and no other apps are working on it...)

1. Freeze smbd 
2. Is smbd accessing on a file in write mode ?
	if yes => Unfreeze smbd ; sleep the script ; goto 1.
	else continue
(We suppose that no processes are accessing the partition)
3. Take the snapshot with LVM
4. when it's ok : unfreeze smbd 
5. mount the snapshot.
I've had a lot of problems with XFS and LVM2 on 2.6(.8, .9, .10) kernels... (ie: xfs_freeze hangs...) so I chose ext3.

[DELETED]
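The five-step loop from the mail above, as an added example script (it is neither Bruno's script, which is not reproduced on this page, nor the page author's). It stops every smbd with SIGSTOP, refuses to snapshot while any client holds a file under the share open for writing, retries, and otherwise snapshots and lets the clients continue. Assumptions: Samba 3.x smbstatus -L output with a "Locked files:" table whose rows carry RDONLY, WRONLY or RDWR (a constructed sample of that layout is in the comments); smbstatus is assumed to read the lock database directly and so still answer while the smbd processes are stopped; LVM2; the share on /dev/Disks/MyShare mounted at /var/net/MyShare. Stopping smbd only parks the SMB writers between the check and lvcreate; it does not flush the page cache, so the script still calls sync (use xfs_freeze instead on XFS, and add nouuid to the mount options).

```shell
#!/bin/sh
# snapshot_quiet.sh: added example, not Bruno Veluet's script nor the page
# author's. Stop smbd, refuse to snapshot while a client has a file open for
# writing, otherwise snapshot and resume.
# Assumed: Samba 3.x "smbstatus -L" prints a "Locked files:" table whose rows
# show RDONLY / WRONLY / RDWR, e.g. (constructed sample):
#   Pid    DenyMode   Access    R/W    Oplock  Name
#   1235   DENY_WRITE 0x12019f  RDWR   NONE    /var/net/MyShare/b.xls   Mon ...
# and that smbstatus reads the lock database directly, so it still answers
# while smbd is stopped. LVM2; the share lives on /dev/Disks/MyShare.

SHARE=${SHARE:-MyShare}
SHARE_PATH=/var/net/$SHARE
LV=/dev/Disks/$SHARE
SNAP_NAME=${SHARE}_quiet
SNAP_LV=/dev/Disks/$SNAP_NAME
SNAP_MNT=/var/net/${SHARE}BKUP/quiet
MOUNT_OPTS=${MOUNT_OPTS:-ro}          # use "ro,nouuid" for an XFS origin
SMBSTATUS=${SMBSTATUS:-/opt/samba/P/bin/smbstatus}
MAX_TRIES=${MAX_TRIES:-20}
RETRY_SLEEP=${RETRY_SLEEP:-15}

# has_write_opens PREFIX: succeed (exit 0) when the smbstatus text on stdin
# lists any file under PREFIX open for writing. Only rows after the
# "Locked files:" header count; RDWR and WRONLY are the write modes.
has_write_opens() {
    awk -v prefix="$1" '
        /^Locked files:/ { inlocks = 1; next }
        !inlocks || index($0, prefix) == 0 { next }
        /[ \t](RDWR|WRONLY)[ \t]/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

smbd_pids()     { pgrep -x smbd; }
freeze_smbd()   { smbd_pids | xargs -r kill -STOP; }
unfreeze_smbd() { smbd_pids | xargs -r kill -CONT; }

# snapshot_when_quiet: steps 1-5 from the mail. SIGSTOP parks the SMB
# writers between the check and lvcreate; it does not flush the page cache,
# so sync (or xfs_freeze on XFS) still precedes the snapshot.
snapshot_when_quiet() {
    if [ ! -x "$SMBSTATUS" ]; then
        echo "$SMBSTATUS not found: cannot tell whether the share is busy" >&2
        return 1
    fi
    tries=0
    while :; do
        freeze_smbd
        if "$SMBSTATUS" -L 2>/dev/null | has_write_opens "$SHARE_PATH/"; then
            unfreeze_smbd
            tries=$((tries + 1))
            if [ "$tries" -ge "$MAX_TRIES" ]; then
                echo "$SHARE still has writers after $tries tries, giving up" >&2
                return 1
            fi
            sleep "$RETRY_SLEEP"
            continue
        fi
        break
    done
    umount "$SNAP_MNT" 2>/dev/null
    lvremove -f "$SNAP_LV" 2>/dev/null
    sync
    lvcreate -L500M --snapshot --name "$SNAP_NAME" "$LV"
    status=$?
    unfreeze_smbd                     # clients resume whatever happened above
    [ "$status" -eq 0 ] || return "$status"
    mkdir -p "$SNAP_MNT"
    mount -o "$MOUNT_OPTS" "$SNAP_LV" "$SNAP_MNT"
}

# Only act when invoked as: sh snapshot_quiet.sh run
if [ "${1:-}" = run ]; then snapshot_when_quiet; fi
```

The prefix passed to has_write_opens ends in a slash so that files under the read-only BKUP share, whose path begins with the same string, are not counted. A file open RDONLY never blocks the snapshot; only RDWR and WRONLY do, which is the "write mode" test from step 2.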

From:	 Axel Fleischer <x (a) axxel.net>
Subject: linux samba xfs acl + msoffice
Date:	 23 May 2005
[DELETED]
I'm using the same configuration for a medium-size office server with
about 60 clients. It has mostly worked fine since 2003, but a bug occurs:

https://bugzilla.samba.org/show_bug.cgi?id=1280

A short description:

userA creates an msoffice document
userA saves it.
userA closes it.

userB opens this document
userB saves it.
userB closes it.

Result: The document has 'readonly'(4xx) user rights, the document is write protected.
This behaviour is caused by the special MSOffice handling of generating new files during the save procedure.

Do you know about this? Any experiences? Any suggestions?
[DELETED]
From:	 Clark Mills
[DELETED]
Off the top of my head, would the smb.conf command:

    force create mode = 0660

help here? I'm assuming that ACLs are what matter at the end of the day and
that unix permissions don't matter except when they get in the way.
[DELETED]
From:	 Axel Fleischer
WOW!

IT WORX!
[DELETED]


This is experimental so use at your own risk, let me know if you have any problems though so I
can update my docs.

Bugs

Possible future additions

The wife's web page: Megan Mills

Document History
Thu Oct 16 15:37:44 NZDT 2003 c.mills Created
Fri Oct 17 09:26:25 NZDT 2003 c.mills Added Snapshot script
Mon Oct 20 12:51:38 NZDT 2003 c.mills Windows Explorer view and Bugs
Mon Oct 20 16:01:25 NZDT 2003 c.mills Try to explain why an LVM snapshot is better than rsync.
Mon Oct 20 21:05:09 NZDT 2003 c.mills Note f/s' other than XFS are snapshotable
Thu Oct 23 10:48:06 NZDT 2003 c.mills NT group clarification for Ravi
Wed Mar 30 10:34:09 NZST 2005 c.mills Added Bruno Veluet, Leonix Technologies snapshots.sh script
Mon May 23 21:51:20 NZST 2005 c.mills Added Axel Fleischer, possible work around for file mode problem
Wed Jun  7 15:19:56 NZST 2006 c.mills Pedantic way of joining domain added
Clark Mills
c.mills@auckland.ac.nz